From 3c9cafe643e210b3a9a15ccd5c00fe76a865087a Mon Sep 17 00:00:00 2001
From: Chirag Patel <chirag.orbittec@gmail.com>
Date: Sun, 12 Feb 2023 19:06:54 -0800
Subject: [PATCH] Fixing the dockerfile to run as non-root user (#2687)

Signed-off-by: Chirag Patel <chirag_patel@intuit.com>
Co-authored-by: Chirag Patel <chirag_patel@intuit.com>
---
 agent.Dockerfile            | 2 +-
 router.Dockerfile           | 2 +-
 tools/tf2openapi/Dockerfile | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/agent.Dockerfile b/agent.Dockerfile
index 4cd48fcf02c..f4682564bef 100644
--- a/agent.Dockerfile
+++ b/agent.Dockerfile
@@ -15,7 +15,7 @@ COPY cmd/    cmd/
 RUN CGO_ENABLED=0 GOOS=linux go build -a -o agent ./cmd/agent
 
 # Copy the inference-agent into a thin image
-FROM gcr.io/distroless/static:latest
+FROM gcr.io/distroless/static:nonroot
 COPY third_party/ third_party/
 WORKDIR /ko-app
 COPY --from=builder /go/src/github.com/kserve/kserve/agent /ko-app/
diff --git a/router.Dockerfile b/router.Dockerfile
index 388cdb83b90..80c8808c487 100644
--- a/router.Dockerfile
+++ b/router.Dockerfile
@@ -15,7 +15,7 @@ COPY cmd/    cmd/
 RUN CGO_ENABLED=0  go build -a -o router ./cmd/router
 
 # Copy the inference-router into a thin image
-FROM gcr.io/distroless/static:latest
+FROM gcr.io/distroless/static:nonroot
 COPY third_party/ third_party/
 WORKDIR /ko-app
 COPY --from=builder /go/src/github.com/kserve/kserve/router /ko-app/
diff --git a/tools/tf2openapi/Dockerfile b/tools/tf2openapi/Dockerfile
index b5614c91f3e..9c07073f336 100644
--- a/tools/tf2openapi/Dockerfile
+++ b/tools/tf2openapi/Dockerfile
@@ -12,7 +12,7 @@ COPY go.sum  go.sum
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o tf2openapi ./tools/tf2openapi/cmd
 
 # Copy tf2openapi into a thin image
-FROM gcr.io/distroless/static:latest
+FROM gcr.io/distroless/static:nonroot
 WORKDIR /
 COPY third_party/ third_party/
 COPY --from=builder /go/src/github.com/kserve/kserve/tf2openapi .